Lead Image © Duncan Andison, 123RF.com

Lead Image © Duncan Andison, 123RF.com

New security features in Windows 10

Fresh Start

Article from ADMIN 31/2016
By
With each version of Windows, Microsoft has expanded the built-in security functions. Windows 10 includes a number of new and interesting security features.

Microsoft has responded to the changes in IT threat management with a number of new Windows 10 security functions [1]. Read on for a summary of some important new security features in Windows 10.

Updates

The vast majority of security advisories come with one common warning: Update your system! System updates are a necessity on today's networks, and a number of extensions to the update process [2] are waiting for you in Windows 10. These extensions include distribution rings, which you can use to determine the order in which devices and servers are patched. It is possible, for example, to patch only unimportant computers or test computers in an initial wave of updates to first test the effects of the update on your production environment.

Distribution rings make it possible to patch systems based on both importance and membership. For example, you can update a domain controller first and then the Exchange Server that requires the domain controller's Active Directory services to operate correctly. Windows Update for Business makes it possible to define maintenance windows in which computers are supplied with updates. Using these tools, you can meet any requirements your company might have and just install updates at a convenient time when the disruptions associated with installing updates will have little or no effect.

A tool called BranchCache lets you copy Windows updates to computers in branch offices and remote sites with low bandwidth for local distribution. This technique removes the need to run a Windows Update distribution solution such as Windows Server Update Services (WSUS) at all locations. Storing updates once only at branch offices also saves network bandwidth.

Only Signed Apps

Device Guard [3] is a new technology in Windows 10 that aims to prevent malicious software from running on the system. The Device Guard function only allows trusted or digitally signed apps on the machine, thus protecting against new, unknown malware and advanced persistent threats (APT). Device Guard even protects portable applications that run from a USB stick.

The system administrator can use central guidelines to determine the sources from which apps are classified as trusted. It is possible to block or allow both universal apps and Win32 apps. Device Guard defends itself from manipulation by isolating the related code and processes using hardware and virtualization technologies from other components. Compared with similar Microsoft technologies such as AppLocker, Device Guard's strength is that it prevents the intruder from manipulating the test process itself. In the future, Device Guard could form the platform for other anti-virus and anti-malware technologies.

Compartmentalized Apps

Microsoft is tying to implement new functions for separating business and personal information in Windows 10 Mobile apps. This capability would let you create separate environments for using a smartphone privately and professionally. Microsoft is thus closing the gap with BlackBerry and Android devices (e.g., Samsung KNOX), which have similar technologies. This feature could combine with Device Guard to make it possible for administrators to define a list of trusted apps that can run on the device.

Integrated identification protection in Windows 10 makes it easy to sign in to a device, app, or website. A two-component test based on similar tests for smartcards is already integrated into the system. Companies will be able to customize the app store according to their needs in the future. This way it will be possible to use volume licenses for apps; app distribution will be more flexible, and administrators will be able to recover and reuse licenses.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus